Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
UdaM
New Contributor III

internal URL not resolve of FortiSASE

I created DNS rule for access internal domains from clients but not resolving URLs. How can i troubleshoot the issue? 

 

 

~UdaM~
~UdaM~
3 REPLIES 3
fg_muc
New Contributor III

Hi,

 

you can't really troubleshoot stuff in FortiSASE like we know from onprem FortiGates.

I would first try to sniff for the DNS traffic, which you should see in the IPsec tunnel to your SPA site.
Then maybe also run a debug to see what's happening with this traffic.

 

I've heard of a Split DNS issue in new SASE instances which occur if you configured the SPA with BGP on loopback, only support can fix this with a workaround.

 

KR Fabian

"Latency is just your network being dramatic."
"Latency is just your network being dramatic."
UdaM
New Contributor III

Thank you @fg_muc for your advice. I'll open support case.

~UdaM~
~UdaM~
UdaM
New Contributor III

Resolved with help of SASE TAC team.. Resolved by 

 

1. Enable NAT on firewall policy

2. Add tunnel IP to the FW policy

~UdaM~
~UdaM~
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors